From patchwork Mon Jan 11 13:19:14 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 8003751
Return-Path: 
 <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org>
X-Original-To: patchwork-linux-arm@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 01EABBEEE5
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 11 Jan 2016 13:31:35 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 166C2201FE
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 11 Jan 2016 13:31:34 +0000 (UTC)
Received: from bombadil.infradead.org (bombadil.infradead.org
	[198.137.202.9])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id BCCA320220
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 11 Jan 2016 13:31:25 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux))
	id 1aIcXd-0005YZ-Hm; Mon, 11 Jan 2016 13:29:49 +0000
Received: from mail-wm0-x22d.google.com ([2a00:1450:400c:c09::22d])
	by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat
	Linux)) id 1aIcOg-0003cp-Eg
	for linux-arm-kernel@lists.infradead.org;
	Mon, 11 Jan 2016 13:20:38 +0000
Received: by mail-wm0-x22d.google.com with SMTP id f206so268050308wmf.0
	for <linux-arm-kernel@lists.infradead.org>;
	Mon, 11 Jan 2016 05:20:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=rwSldPlYYwZAJM9zIu0cPPCCGLIdxezSWEgwVlmxsdE=;
	b=NuCZxqBUckHel3R9wjsag6k3IrOC7IPbz9m2/7LMQEZb95EVz03zNX2is3iVBE8Vyu
	SbA5+wA50IyLC2NFdzOoM+A/CZfQoIGKBCbcaNK4au9tgRAG/10Fk4YHO90rX/mei8gW
	Ma4nbSY6Os4WMh9TRgP2obDgHTKQg0S+c6jeo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=rwSldPlYYwZAJM9zIu0cPPCCGLIdxezSWEgwVlmxsdE=;
	b=AQykdwK8HDJCEjmd5bd3IUhPRdYudBttGhzzpeMAS9Yh/fE5MyHhcCplUMiXg9i2DV
	AW3x+mFpMVaIBM6Xp2bL+fwtl0ixI/Q2rMiF2BekjzOO9u9sOFqU1lvuo55W2PCKCNdv
	ypr75biT1IU/7TnU6iqMo2B7b0VjCapIcKyDp+VPEDK4znNiEX2liyqlVmawZ40ZTDXH
	hxld4MJAoMNBqMZqxWDp3K02HbUbR3BbYWf0VAK+ZpqLdNg+rlKdJG4vnzvEYVvM8in2
	brBW4ltm4TXXO+3QQyrPqZOL63ugEbf5oDV2E1YtFK/yJpU344K7jia9Ejesv4RrjkRQ
	VZkg==
X-Gm-Message-State: 
 ALoCoQngEM7BJ6GlnCIonQvIhYRtpVGui56SfOCjfvucfvdKUG601R+wAqJEEIvjP5+UCmn3LdkkpAMINmKpV+p94+u/5MKzFw==
X-Received: by 10.28.46.193 with SMTP id u184mr14479771wmu.102.1452518417703;
	Mon, 11 Jan 2016 05:20:17 -0800 (PST)
Received: from localhost.localdomain (cag06-7-83-153-85-71.fbx.proxad.net.
	[83.153.85.71]) by smtp.gmail.com with ESMTPSA id
	c15sm12766055wmd.19.2016.01.11.05.20.15
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Mon, 11 Jan 2016 05:20:17 -0800 (PST)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-arm-kernel@lists.infradead.org, kernel-hardening@lists.openwall.com,
	will.deacon@arm.com, catalin.marinas@arm.com, mark.rutland@arm.com,
	leif.lindholm@linaro.org, keescook@chromium.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH v3 20/21] efi: stub: use high allocation for converted
	command line
Date: Mon, 11 Jan 2016 14:19:14 +0100
Message-Id: <1452518355-4606-22-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.5.0
In-Reply-To: <1452518355-4606-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1452518355-4606-1-git-send-email-ard.biesheuvel@linaro.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20160111_052034_978671_4EF2173F 
X-CRM114-Status: GOOD (  14.19  )
X-Spam-Score: -2.7 (--)
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: Matt Fleming <matt@codeblueprint.co.uk>, arnd@arndb.de,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	bhupesh.sharma@freescale.com,
	stuart.yoder@freescale.com, marc.zyngier@arm.com,
	christoffer.dall@linaro.org
MIME-Version: 1.0
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY
	autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Before we can move the command line processing before the allocation
of the kernel, which is required for detecting the 'nokaslr' option
which controls that allocation, move the converted command line higher
up in memory, to prevent it from interfering with the kernel itself.

Since x86 needs the address to fit in 32 bits, use UINT_MAX as the upper
bound there. Otherwise, use ULONG_MAX (i.e., no limit)

Cc: Matt Fleming <matt@codeblueprint.co.uk>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Matt Fleming <matt@codeblueprint.co.uk>
---
 arch/x86/include/asm/efi.h                     |  2 ++
 drivers/firmware/efi/libstub/efi-stub-helper.c | 14 +++++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h
index 0010c78c4998..08b1f2f6ea50 100644
--- a/arch/x86/include/asm/efi.h
+++ b/arch/x86/include/asm/efi.h
@@ -25,6 +25,8 @@
 #define EFI32_LOADER_SIGNATURE	"EL32"
 #define EFI64_LOADER_SIGNATURE	"EL64"
 
+#define MAX_CMDLINE_ADDRESS	UINT_MAX
+
 #ifdef CONFIG_X86_32
 
 
diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
index f07d4a67fa76..2a7a3015d7e0 100644
--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
+++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
@@ -649,6 +649,10 @@ static u8 *efi_utf16_to_utf8(u8 *dst, const u16 *src, int n)
 	return dst;
 }
 
+#ifndef MAX_CMDLINE_ADDRESS
+#define MAX_CMDLINE_ADDRESS	ULONG_MAX
+#endif
+
 /*
  * Convert the unicode UEFI command line to ASCII to pass to kernel.
  * Size of memory allocated return in *cmd_line_len.
@@ -684,7 +688,15 @@ char *efi_convert_cmdline(efi_system_table_t *sys_table_arg,
 
 	options_bytes++;	/* NUL termination */
 
-	status = efi_low_alloc(sys_table_arg, options_bytes, 0, &cmdline_addr);
+	/*
+	 * Allocate a buffer for the converted command line as high up
+	 * in memory as is feasible: x86 needs the command line allocation
+	 * to be below 4 GB, but non-x86 architectures may not have any
+	 * memory there. So prefer below 4 GB, and allocate anywhere if
+	 * that fails.
+	 */
+	status = efi_high_alloc(sys_table_arg, options_bytes, 0,
+				&cmdline_addr, MAX_CMDLINE_ADDRESS);
 	if (status != EFI_SUCCESS)
 		return NULL;